On Monday 01 July 2002 20.46, Michael Shuey wrote:
> First, why would I want to SNAT locally originating packets?
> Second, are you telling me that netfilter _does_ check to see if a
> port is locally bound before using it for a translation?

Mainly in case the locally selected port is already in use by a NATed connection. NAT checks to see that the port isn't already in use by NAT or local sockets, but as far as I know local traffic does not check that the port isn't already in use by NAT. By applying SNAT to the locally originating traffic as well, the NAT engine will detect any such collisions and reassign the port automatically.

Regards
Henrik
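
The collision described in this reply, as a toy model added here (not netfilter code and not part of the original message). It assumes the NAT engine keeps a set of translated tuples and that local traffic which skips SNAT never consults that set, as the message describes; all names, addresses and ports are constructed for illustration.

```python
# Toy model of the port collision described above; not netfilter code.
# All addresses and ports are constructed sample values.
PUBLIC_IP = "192.0.2.1"


class NatEngine:
    """Tracks post-translation tuples (src_ip, src_port, dst_ip, dst_port)."""

    def __init__(self):
        self.in_use = set()

    def snat(self, src_port, dst):
        """Map a connection to PUBLIC_IP, keeping the port when it is free
        and moving to the next port when the tuple is already taken."""
        port = src_port
        while (PUBLIC_IP, port, *dst) in self.in_use:
            port = port + 1 if port < 65535 else 1024
        self.in_use.add((PUBLIC_IP, port, *dst))
        return port

    def untracked_local(self, src_port, dst):
        """Local traffic that bypasses SNAT: nothing checks the NAT table,
        so just report whether the tuple duplicates an existing mapping."""
        return (PUBLIC_IP, src_port, *dst) in self.in_use


def demo():
    server = ("198.51.100.7", 80)
    nat = NatEngine()
    # A forwarded client (say 10.0.0.5:40000) is translated first.
    forwarded = nat.snat(40000, server)
    # The local stack then picks the same source port for the same server.
    collides = nat.untracked_local(40000, server)
    # Sending the local connection through SNAT as well resolves the clash.
    local = nat.snat(40000, server)
    return forwarded, collides, local


if __name__ == "__main__":
    print(demo())
```
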